We’re investing in enterprise-ready improvements. Learn more about our pricing update →

🔎 Struggling to manage Confluence pages? Stay organized with Pages Manager! Learn more >

Excel‑like Bulk Issue Editor for Jira Now Runs on Atlassian! Read all about it >

Get Started
Get Started
All Posts

How Atlassian is Raising the Bar for App Security (and what it means for you)

Jul 29, 2025 • 5 min read

Topic

  • Security & Compliance

Author

Poju Yap

In This Blog

When you think of Atlassian, you might think of Jira, Confluence, or the Marketplace ecosystem that powers teams of every size. But there’s a quieter revolution happening behind the scenes—one that’s reshaping how apps are built, vetted, and trusted.

Over the past few years, Atlassian has introduced a series of programs and architectural changes that fundamentally raise the bar for Marketplace app security. For buyers and users, these changes don’t just mean better apps—they mean a shift in what you can expect from every vendor in the ecosystem.

Let’s break down what’s changing, and why it matters to you as someone evaluating, administering, or deploying Atlassian Marketplace apps.

 

The ecosystem is maturing

In the early days of the Atlassian Marketplace, apps were often seen as convenient add‑ons i.e. extra features built and hosted by vendors with varying levels of rigor. Security reviews and operational standards varied widely, leaving IT teams and procurement managers to ask, “Can we really trust this app with our data?”

Fast forward to today, and the conversation is different. Atlassian is actively shaping a more mature ecosystem, one where security, operational excellence, and transparency aren’t just nice‑to‑haves—they’re baseline expectations.

Key signals of trust

1. Built on Forge: A secure foundation

Atlassian’s Forge platform is more than a development toolkit. It’s a secure, serverless environment that eliminates the need for vendors to host their own infrastructure.

Why it matters: Apps built on Forge run within Atlassian’s cloud, which means no unknown third‑party servers handling your data.
What it means for you: Less time interrogating vendors about their hosting setup and more confidence in where your data lives.

2. Runs on Atlassian: Operational control, simplified

The Runs on Atlassian badge takes Forge even further. It signifies that an app’s entire backend infrastructure is managed within Atlassian’s cloud environment.

Why it matters: Vendors don’t handle or store your data outside of Atlassian’s managed environment.
What it means for you: Lower vendor risk profiles, faster procurement cycles, and fewer hurdles with data residency or compliance reviews.

3. Cloud Fortified: Enterprise‑grade assurance

The Cloud Fortified program sets a higher bar for support, reliability, and security. Apps in this program commit to:

  • Premium 24×5 support
  • Ongoing performance monitoring and SLAs
  • Proactive vulnerability scanning

What it means for you: These aren’t just apps with good features—they’re apps that align with enterprise expectations around uptime, responsiveness, and operational maturity.

4. Bug Bounty Program: Continuous testing for continuous trust

Security isn’t a one‑time checkbox. Atlassian’s Marketplace Security Bug Bounty Program brings in vetted security researchers to test apps for vulnerabilities on an ongoing basis.

Why it matters: Issues aren’t just caught at launch—they’re identified and addressed over time.
What it means for you: Confidence that your apps are under constant scrutiny, with transparent patching and Atlassian oversight.

What this means for you

These programs aren’t just badges, they’re signals that the ecosystem is evolving toward platform‑level security and shared responsibility. For you, this evolution changes the conversation:

  • For Jira and Confluence admins: Prioritize apps built on Forge and marked as Runs on Atlassian to save time on reviews and security questionnaires.
  • For IT decision‑makers: Lean on Atlassian’s trust programs as pre‑vetted indicators of operational maturity.
  • For teams in regulated industries: Simplify compliance with data residency, privacy, and audit requirements.
  • For end users: Feel confident that your data is handled with care, uptime is taken seriously, and support is reliable.

Ricksoft’s Commitment: Our apps and their badges

At Ricksoft, we’ve embraced these higher standards because we believe they’re the future of the Atlassian ecosystem. Many of our flagship Jira and Confluence apps already meet these trust signals: built on Forge, Runs on Atlassian, and Cloud Fortified, with ongoing participation in Atlassian’s Marketplace Security Bug Bounty Program.

👉 Explore our latest app badges and security status on our Security & Compliance hub or dive deeper into certifications at our Ricksoft Trust Center.

Why this matters now

Collaboration platforms like Jira and Confluence are at the heart of how modern teams work. Every app you add expands your capabilities, but it also introduces new risk.

Atlassian’s ecosystem‑wide push for stronger standards is a signal to buyers: you no longer have to settle for “good enough.” You can, and should, expect enterprise‑grade security and operational excellence from Marketplace vendors.

Final thoughts

Security and trust aren’t static checklists, they’re ongoing commitments. Atlassian’s programs are raising the bar across the Marketplace, making it easier for you to choose apps with confidence and for vendors like us to prove we’re worth that trust.

Related Articles